Privacy Notice


Starion Group SA, hereinafter ‘the Company’ including its affiliates, ensures processing of Personal Data in accordance with, but not limited to, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – General Data Protection Regulation (‘GDPR’).

The terms ‘Personal Data’, ‘Data Subject’, ‘Data Controller’, ‘Data Processor’, ‘Joint Data Controller’, ‘Independent Data Controller’ and ‘Data Protection Officer’ hereinafter used have the meaning defined in article 4 of GDPR.

This Website Privacy Notice (hereinafter referred to as ‘Privacy Notice’) applies in relevant countries throughout Starion’s international network. Different countries throughout Starion’s international network may approach data privacy in slightly different ways; any country-specific terms can be found at the end of this notice.

Starion Group SA is the Data Controller of Personal Data and the Global Data Protection Officer can be contacted at


This Privacy Notice applies to users (the Data Subjects to whom the Personal Data belongs) visiting – when browsing the website, subscribing to Starion newsletters or filling in the Contact Us form. Users can be Company employees, the general public and/or current and potential clients and suppliers who may contact the Company to find out more about its services and business needs.

Users applying for a job through the website or via other channels should consult the Candidate Privacy Notice.

Categories of Personal Data and purposes for processing

The Company does not collect special categories of Personal Data as defined in Article 9 of GDPR: “Details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about employee health and genetic and biometric data”.

Categories of Personal Data collected on this website with their related purposes and legal basis are as follows:

PurposePersonal Data
Contact the companyName, surname, preferred title (optional), email, company name (optional)
MarketingPreferences declared with consent by Data Subjects visiting the Company website or subscribing to the Company newsletter
Website administrationBrowser type and version, location, operating system, language and device type used to access Company website. Further details can be found in the Company Cookie Notice

Recipients and transfers of Personal Data

Personal Data collected is processed internally only by duly authorised and informed persons, within the scope of what they need to know.

The Company will not pass on or sell Personal Data to third parties for their own marketing purposes.

The following external organisations have access to Personal Data only in the following cases:

Depending on the situation, these recipients sign a written contract with Starion distinguishing between different types of roles:

  • Data (sub-)Processor: this is the person/entity who processes the data on behalf of Starion and according to Starion’s documented instructions
  • Joint Data Controllers: Starion jointly determines with a client/provider the purposes and means of processing; they determine their respective responsibilities for compliance in specific privacy clauses
  • Independent Data Controllers: each party is acting as a separate Data Controller, respecting the duties and responsibilities of a Data Controller according to GDPR.

On the basis of specific agreements, the Company ensures compliance with the instructions and measures put in place for data processing.

If an international transfer of information involving Personal Data is needed, Starion ensures there are appropriate safeguards in place to ensure the safety and integrity of Personal Data through the following measures:

  • Binding corporate agreements that give Personal Data the same protection it has in the European Economic Area (EEA)
  • Standard contractual clauses approved by the European Commission for international transfer of Personal Data outside the EEA into contracts with those third parties, or the country in which personal information will be processed has been deemed ‘adequate’ by the European Commission
  • European Data Protection Board (EDPB) opinions on the European Commission Implementing Decision on the adequate protection of Personal Data under the European Union-US Data Privacy Framework.

Storage of Personal Data

The website is securely stored on web servers hosted by Krystal in the UK.

Data entered in the Contact Us form on this website will be stored on web servers hosted by Krystal in the UK and will be forwarded to the Company by email to be additionally hosted on Company servers in the European Union.

When subscribing to any Company publications, including newsletters, Personal Data will be stored by HubSpot, another Data Processor.

CookieYes stores only masked IP addresses when website visitors specify their cookie preferences.

When you send an email to the data will be stored in Starion’s servers hosted in the European Union.

The data will remain on these systems until Data Subjects specifically request removal by sending Starion an email. Data Subjects wanting to request deletion, updating or downloading of their Personal Data handled by Starion’s Data Processors can send an email to

Personal Data retention period

Personal Data is retained according to the purpose for which it has been collected:

  • Contact the company: until withdrawal of consent
  • Marketing: until withdrawal of consent
  • Website administration: as specified in the Cookie Notice.

Protection of Personal Data

The Company ensures security of processing (Article 32 of GDPR) by implementing appropriate technical and organisational measures to ensure an appropriate level of security. When assessing the appropriate level of security, Starion will take into consideration:

  • Risks presented by processing: accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed (data breach)
  • State of the art of security measures, costs of implementation of new security measures
  • Nature, scope, context and purposes of processing
  • Risk of varying likelihood and severity for the rights and freedoms of individual people.

Details of specific technical measures are available by sending an email to

Rights of Data Subjects

Website users have the following Data Subjects’ rights with regard to their Personal Data:

  • Right of access (Article 15): request access to all Personal Data processed
  • Right of rectification (Article 16): ask that any Personal Data that is inaccurate is corrected free of charge
  • Right to withdraw consent (Article 7): withdraw earlier given consent for processing Personal Data
  • Right of deletion (Article 17): request deletion of Personal Data if it is no longer required in light of the purposes outlined in this policy or if the consent to process them is withdrawn
  • Right of limitation (Article 18): ask to limit the processing of Personal Data if and when: a) the Data Subject contests the accuracy of that data; b) the processing is illegitimate; or c) the data is no longer needed for the purposes listed but the Data Subject needs it to defend themselves in judicial proceedings
  • Right of portability (Article 20): receive the Personal Data in a structured, commonly used and machine-readable format and, where technically feasible, directly transmit that data to another organisation
  • Right to object to automated processing, including profiling (Article 21): object to be subject to the legal effects of automated processing or profiling.

To exercise one or more of the rights listed above, Data Subjects should send an email to

The Data Protection Officer will promptly inform the Data Subject of having received this request. If the request proves valid, Starion will process it within 30 days of having received the request. If Data Subjects are unsatisfied with the response, they are free to file a complaint with the competent data protection authority.

Changes to the Privacy Policy

We reserve the right to change our Privacy Policy at any time. On this page you will always find the most recent version. If the new Privacy Policy affects the way in which we process data relating to you that has already been collected, we will notify you by email.

This website Privacy Notice was last reviewed and updated in April 2024.

Country-specific variations to Starion’s Privacy Notice

Jurisdiction: Belgium

Country-specific legal requirement:

The Company is entitled to rely on ‘soft opt-in’ consent in respect of certain marketing messages that Starion wishes to send to website users. In all other e-marketing circumstances, active ‘opt-in’ consent is required by law and the Company is required to keep records of each specific consent provided by users.

Note: this section will be updated when local implementing law shall be finalised.